hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,611 Commits 1,671 Branches 157 Tags
tausbn/python-add-support-for-template-string-literals
Commit Graph

9628 Commits

Author SHA1 Message Date
Henry Mercer
b737bccb07 Python: Fix "be be" typos in qhelp 2025-10-14 11:33:24 +01:00
github-actions[bot]
33542f7d40 Release preparation for version 2.23.3 2025-10-14 09:30:24 +00:00
Taus
c4b27d5f28 Python: Fix ImportError in imp.py under Python 3.14 
It seems `_ERR_MSG` was silently removed in Python 3.14, leading to an
`ImportError` when running the extractor.

To fix this, we explicitly set `_ERR_MSG` when the existing import fails
(using `_ERR_MSG_PREFIX` which is available in Python 3.14+, along with
the bits that make up the difference between this and `_ERR_MSG`).
 2025-10-13 13:50:43 +00:00
Owen Mansel-Chan
2f22acdd06 Remove hashing example when not covered by query 2025-10-08 16:48:57 +01:00
Owen Mansel-Chan
0bcdb91639 Improve qhelp for broken crypto algo queries 
Previously it focussed too much on the risk of data being decrypted,
and didn't explain why using weak algorithms is a problem in other
contexts.
 2025-10-08 14:10:54 +01:00
Owen Mansel-Chan
2a1c9d8ec1 Remove erroneous comma 2025-10-08 14:08:36 +01:00
Nora Dimitrijević
c749607db8 Bump python extractor version to 7.1.5 2025-10-07 11:22:16 +02:00
Nora Dimitrijević
ece121070b Add change note. 2025-10-06 12:31:21 +02:00
Nora Dimitrijević
9d7c52423a Basic python overlay tests 
The base source is in basic-overlay-eval/orig_src,
the overlay source is in basic-full-eval.

We run two tests: a full evaluation test in basic-full-eval,
and an overlay evaluation test in basic-overlay-eval.

The test source and expected results are the SAME,
due to the .qlref, meaning we expect the same results
for full and overlay evaluation.
 2025-10-06 12:30:08 +02:00
Nora Dimitrijević
20d4e429ca Add consistency query (exactly one path for every entity) 2025-10-06 11:47:56 +02:00
Nora Dimitrijević
7174d4c8ba Overlay.qll: discard predicates 
for dbscheme elements with direct or indirect location links in dbscheme.

- Unify discardable entities under one Discardable superclass.
- Two discard predicates depending on TRAP ID type.
- Future-proof the XML and Yaml discard predicates for when their
  extractors become incremental.
 2025-10-06 11:47:51 +02:00
Nora Dimitrijević
1a9683f986 Add @top database type 2025-10-06 11:47:14 +02:00
Nora Dimitrijević
6f208e9dec Write overlay metadata at end of extraction. 2025-10-06 11:47:12 +02:00
Nora Dimitrijević
49b18db044 Python extractor: in overlay mode, traverse only changed files 
- fall back to full extraction on overlay changes json read error
- we filter both root modules and (transitive) imports against the overlay-changes json.
 2025-10-06 11:47:09 +02:00
Nora Dimitrijević
e0cf719cb9 Path transformer: handle Windows-style paths 
And don't add slash to start of path patterns on Windows.
 2025-10-06 11:37:04 +02:00
Nora Dimitrijević
29b1a7403b Support CODEQL_PATH_TRANSFORMER env var in python path renamer 
The new name is required by overlay support.
 2025-10-06 11:37:02 +02:00
Nora Dimitrijević
1574b5fd91 Add synthetic data to dbscheme.stats for databaseMetadata/overlayChangedFiles 2025-10-06 11:37:00 +02:00
Nora Dimitrijević
1c3a7f2b1e Add database upgrade/downgrade scripts 2025-10-06 11:36:58 +02:00
Nora Dimitrijević
a88d3397cd Add overlay builtins to python dbscheme 2025-10-06 11:36:56 +02:00
Nora Dimitrijević
4c9ca93cdf Turn on overlay support in codeql-extractor.yml 2025-10-06 11:36:54 +02:00
Nora Dimitrijević
dac50fa0c1 Enable overlay compilation in lib/qlpack.yml 2025-10-06 11:36:51 +02:00
github-actions[bot]
a7a4e43991 Post-release preparation for codeql-cli-2.23.2 2025-09-29 15:10:19 +00:00
github-actions[bot]
d2130a589b Release preparation for version 2.23.2 2025-09-29 10:28:45 +00:00
Taus
e592fd60ff Merge pull request #20495 from github/tausbn/python-fix-unmatchable-dollar-in-lookahead 
Python: Fix false positive for unmatchable dollar/caret
 2025-09-25 15:27:32 +02:00
Joe Farebrother
cb7b1efe81 Update alert message 2025-09-25 09:52:27 +01:00
Joe Farebrother
9f5bfeb7f4 Update test output 2025-09-24 15:03:40 +01:00
Joe Farebrother
654ed9ca12 Update integration tests 2025-09-24 10:58:53 +01:00
Joe Farebrother
85f886932d Update changenote 2025-09-23 15:51:31 +01:00
Joe Farebrother
55fd7c85c6 Update documentation 2025-09-23 15:50:27 +01:00
Joe Farebrother
1208195d8a Align alert messages across languages. 2025-09-23 15:46:53 +01:00
Joe Farebrother
2cffb21604 Update and fix tests 2025-09-23 15:41:09 +01:00
Joe Farebrother
d28e8004fd Add sensitive data heuristic 2025-09-23 10:08:08 +01:00
Simon Friis Vindum
7d6e2060e5 Adapt all languages to changes in shared library 2025-09-22 14:18:58 +02:00
Joe Farebrother
463f79bed2 Merge pull request #20263 from joefarebrother/python-qual-exceptions 
Python: Modernize the Unreachable Except Block query
 2025-09-22 09:42:09 +01:00
Joe Farebrother
6eac6b7258 Rename qhelp file 2025-09-19 17:03:19 +01:00
Taus
b9f073e596 Python: Update test output 2025-09-19 15:39:12 +00:00
Taus
95a84ad655 Python: Fix false positive for unmatchable dollar/caret 
Our previous modelling did not account for the fact that a lookahead can
potentially extend all the way to the end of the input (and similarly,
that a lookbehind can extend all the way to the beginning).

To fix this, I extended `firstPart` and `lastPart` to handle lookbehinds
and lookaheads correctly, and added some test cases (all of which yield
no new results).

Fixes #20429.
 2025-09-19 15:06:46 +00:00
Joe Farebrother
a9a258e743 Add changenote 2025-09-19 15:11:02 +01:00
Joe Farebrother
2e95c2b3c2 Split test cases for insecure cookie queries 2025-09-19 14:41:02 +01:00
Joe Farebrother
04316d306f Update qhelp 2025-09-19 12:42:30 +01:00
Joe Farebrother
7eabed6594 Split insecure cookies queries into 3 queries 2025-09-18 13:34:10 +01:00
Joe Farebrother
2cd1d2fd2f Merge pull request #20392 from joefarebrother/python-qual-file-not-closed 
Python: Improve File Not Closed query to reduce false positives and provide clearer alerts
 2025-09-18 09:33:08 +01:00
Joe Farebrother
f3802ec60f Merge pull request #20217 from joefarebrother/python-qual-signature-mismatch 
Python: Modernize the Signature Mismatch query
 2025-09-17 13:29:33 +01:00
Ian Lynagh
c653d939d9 Merge pull request #20451 from github/post-release-prep/codeql-cli-2.23.1 
Post-release preparation for codeql-cli-2.23.1
 2025-09-17 13:00:14 +01:00
Michael Nebel
34ebed1a24 Merge pull request #20402 from michaelnebel/python/code-quality-extended 
Python: Add most `medium` precision queries to the `code-quality-extended` suite.
 2025-09-17 13:48:35 +02:00
Taus
f5a06bef4a Merge pull request #19929 from github/tausbn/python-update-tree-sitter-dependency 
Python: Update `tree-sitter` dependency
 2025-09-17 13:40:13 +02:00
github-actions[bot]
4e8343664f Post-release preparation for codeql-cli-2.23.1 2025-09-17 10:13:40 +00:00
Taus
8fd62252fd Python: Fix bad join in globalVariableNestedFieldJumpStep 2025-09-16 18:12:29 +02:00
Napalys Klicius
431fc8880e Python: Add change note 2025-09-16 18:08:53 +02:00
Napalys Klicius
e82fe9d919 Python: Updated doc string and removed redundant predicate. 2025-09-16 18:08:53 +02:00